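<?php
/*
 * modifyuser.php — admin page for looking up a user by personal identity
 * number (pnr) and editing that user's profile.
 *
 * Dispatches on $_POST['submit']:
 *   'get'    renders the edit form for the requested pnr inside <div id="formEdit">
 *   'edit'   validates the submitted fields, applies the UPDATE and reports the
 *            outcome inside <div id="formResult">
 *   absent   renders the initial pnr lookup form
 * Any other value produces no output. The two fragment ids are part of the
 * contract with the page's JavaScript, which extracts them from the response.
 *
 * Depends on $db (a mysqli connection) from db_connect.php and on safety()
 * from safefunctions.php. safety() is kept on every input for compatibility,
 * but what it does is not visible here.
 * NOTE(review): all SQL now goes through prepared statements; if safety()
 * performs SQL escaping it is redundant on that path and any backslashes it
 * adds will be stored literally — confirm and adjust if so.
 */
include("../includes/db_connect.php");
include("../includes/safefunctions.php");

/**
 * Reads one POST field through safety(). A missing or non-scalar field
 * becomes the empty string so the validation below can report "Saknar …"
 * instead of tripping an undefined-index warning.
 */
$postField = static function (string $name): string {
    $raw = $_POST[$name] ?? '';
    return (string) safety(is_scalar($raw) ? (string) $raw : '');
};

/** Escapes a value for use in HTML text or a double-quoted attribute. */
$h = static function ($value): string {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

/**
 * Runs a prepared SELECT and returns its first row, or null when there is
 * none (or the statement could not be prepared). $types is the
 * bind_param() type string for $params.
 * Uses mysqli_stmt::get_result(), which requires the mysqlnd driver.
 */
$fetchOne = static function (string $sql, string $types, array $params) use ($db): ?array {
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param($types, ...$params);
    $stmt->execute();
    $result = $stmt->get_result();
    $row = $result === false ? null : $result->fetch_assoc();
    $stmt->close();
    return $row;
};

$action = $_POST['submit'] ?? null;

if ($action === 'get') {
    $pnr = $postField('pnr');
    // Parameterised: the original interpolated $pnr straight into the query.
    $user = $fetchOne('SELECT * FROM users WHERE pnr = ? LIMIT 1', 's', [$pnr]);

    echo "<div id=\"formEdit\">";
    if ($user === null) {
        echo "Användaren finns inte";
    } else {
        // Prefill values are escaped so a stored value cannot break out of
        // its value="" attribute (the original echoed them raw).
        $firstname   = $h($user['firstname'] ?? '');
        $lastname    = $h($user['lastname'] ?? '');
        $address     = $h($user['address'] ?? '');
        $email       = $h($user['email'] ?? '');
        $skype       = $h($user['skypename'] ?? '');
        $zip         = $h($user['zip'] ?? '');
        $city        = $h($user['city'] ?? '');
        $phonenumber = $h($user['phonenumber'] ?? '');
        $pnrAttr     = $h($pnr);
        // Compared as a string below: get_result() hands back native ints
        // while $db->query() hands back strings.
        $rightsId    = (string) ($user['rightsId'] ?? '');

        // NOTE: the address field is displayed but the 'edit' action (and the
        // page's JavaScript) never posts or stores it.
        echo "<form class=\"formEdit\" method=\"POST\">
        <table>
        <tr>
        <td>FÖRNAMN: </td><td><input type=\"text\" name=\"firstname\" value=\"$firstname\" maxlength=\"50\"></td><td>*</td>
        </tr>
        <tr>
        <td>EFTERNAMN: </td><td><input type=\"text\" name=\"lastname\" value=\"$lastname\" maxlength=\"50\"></td><td>*</td>
        </tr>
        <tr>
        <td>LÖSENORD: </td><td><input type=\"password\" name=\"password\" value=\"\" maxlength=\"50\"></td>
        </tr>
        <tr>
        <td>VERIFIERA LÖSENORD: </td><td><input type=\"password\" name=\"verifypassword\" value=\"\" maxlength=\"50\"></td>
        </tr>
        <tr>
        <td>ADDRESS: </td><td><input type=\"text\" name=\"address\" value=\"$address\" maxlength=\"50\"></td><td>*</td>
        </tr>
        <tr>
        <td>ZIP:</td>
        <td><input type=\"number\" name=\"zip\" value=\"$zip\" maxlength=\"11\"></td>
        <td>*</td>
        </tr>
        <tr>
        <td>ORT:</td>
        <td><input type=\"text\" name=\"city\" value=\"$city\" maxlength=\"50\"></td>
        <td>*</td>
        </tr>
        <tr>
        <td>TELEFON:</td>
        <td><input type=\"number\" name=\"phonenumber\" value=\"$phonenumber\" maxlength=\"11\"></td>
        <td>*</td>
        </tr>
        <tr>
        <td>EMAIL: </td><td><input type=\"text\" name=\"email\" value=\"$email\" maxlength=\"50\"></td><td>*</td>
        </tr>
        <tr>
        <td>SKYPE: </td><td><input type=\"text\" name=\"skypename\" value=\"$skype\" maxlength=\"50\"></td>
        </tr>";

        echo "<tr><td>GRUPP: </td><td><select name=\"group\">";
        echo "<option value=\"-\">-</option>";
        $groups = $db->query('SELECT * FROM user_groups');
        while ($groups !== false && ($group = $groups->fetch_assoc())) {
            $selected = ((string) $group['id'] === $rightsId) ? " selected=\"selected\"" : "";
            echo "<option value=\"" . $h($group['id']) . "\"" . $selected . ">" . $h($group['name']) . "</option>";
        }
        // </select> now closes inside its <td>; the original emitted it after </tr>.
        echo "</select></td><td>*</td></tr>";
        echo "<tr><td><input type=\"submit\" name=\"submit\" value=\"Ändra\"></td></tr>";
        echo "
        </table>
        <input type=\"hidden\" name=\"pnr\" value=\"$pnrAttr\">
        </form>";
    }
    echo "</div>";
} elseif ($action === 'edit') {
    $firstname      = $postField('firstname');
    $lastname       = $postField('lastname');
    $password       = $postField('password');
    $verifypassword = $postField('verifypassword');
    $email          = $postField('email');
    $skype          = $postField('skypename');
    $pnr            = $postField('pnr');
    $group          = $postField('group');
    $zip            = $postField('zip');
    $phonenumber    = $postField('phonenumber');
    $city           = $postField('city');

    // The select posts "-" for "no group". The original passed that through
    // is_NaN() (a float function, so a non-numeric string errors or yields 0)
    // and assigned rightsId twice in its UPDATE; this keeps the intended
    // outcome — the numeric group id, or 0 for no group — explicitly.
    $rightsId = preg_match('/^[0-9]+$/', $group) === 1 ? (int) $group : 0;

    // Derive classId from a group named "<class>_<x>_<year>"; stays 0 when
    // the group is unset, does not exist, or its name has no such shape
    // (the original dereferenced a null row in those cases).
    $classId = 0;
    if ($rightsId > 0) {
        $groupRow = $fetchOne('SELECT name FROM user_groups WHERE id = ?', 'i', [$rightsId]);
        $nameParts = explode('_', (string) ($groupRow['name'] ?? ''));
        if (count($nameParts) === 3) {
            $classRow = $fetchOne(
                'SELECT id FROM class WHERE name = ? AND year = ?',
                'ss',
                [$nameParts[0], $nameParts[2]]
            );
            $classId = (int) ($classRow['id'] ?? 0);
        }
    }

    // First failing rule wins; $error stays false when everything passes.
    $error = false;
    $editPW = true;
    if (strlen($firstname) === 0) {
        $error = "Saknar förnamn";
    } elseif (strlen($lastname) === 0) {
        $error = "Saknar efternamn";
    } elseif (strlen($email) === 0) {
        $error = "Saknar email";
    } elseif (strlen($phonenumber) === 0) {
        $error = "Saknar telefon-nummer";
    } elseif (strlen($zip) === 0) {
        $error = "Saknar postnummer";
    } elseif (strlen($city) === 0) {
        $error = "Saknar ort";
    } elseif (!preg_match("/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i", $email)) {
        $error = "Ogiltigt mailformat";
    } elseif (strlen($password) === 0) {
        // An empty password field means "keep the current password".
        $editPW = false;
    } elseif (mb_strlen($password) < 3) {
        // The original compared the password string itself against 0 and 3,
        // so this minimum-length rule never fired.
        $error = "Lösenordet måste minst vara 3 tecken";
    } elseif ($verifypassword !== $password) {
        $error = "Lösenorden stämmer inte överens";
    }

    echo "<div id=\"formResult\">";
    if ($error !== false) {
        echo $error;
    } else {
        // One parameterised UPDATE; the password column is only touched when
        // a new password was supplied.
        $sql = 'UPDATE users SET rightsId = ?, classId = ?, zip = ?, city = ?, phonenumber = ?, '
             . 'firstname = ?, lastname = ?, email = ?, skypename = ?';
        $types = 'iisssssss';
        $params = [$rightsId, $classId, $zip, $city, $phonenumber, $firstname, $lastname, $email, $skype];
        if ($editPW) {
            $sql .= ', password = ?';
            $types .= 's';
            $params[] = password_hash($password, PASSWORD_BCRYPT);
        }
        $sql .= ' WHERE pnr = ?';
        $types .= 's';
        $params[] = $pnr;

        $updated = false;
        try {
            $stmt = $db->prepare($sql);
            if ($stmt !== false) {
                $stmt->bind_param($types, ...$params);
                $updated = $stmt->execute();
                $stmt->close();
            }
        } catch (mysqli_sql_exception $e) {
            // mysqli may throw instead of returning false; report it the same way.
            $updated = false;
        }
        echo $updated ? "Ändrade kontakt-information" : "Kunde inte ändra kontakt-information";
    }
    echo "</div>";
} elseif ($action === null) {
    // No submit at all: initial lookup form plus the two target containers
    // the JavaScript fills with the fetched fragments.
    echo "<form class=\"formPnr\" action=\"\" method=\"POST\"><table>
    <tr><td>PERSONNUMMER:
    </td><td><input type=\"text\" name=\"pnr\"  maxlength=\"15\">
    </td><td><input type=\"submit\" name=\"submit\" value=\"Hämta\">
    </td></tr></table></form>";
    echo "<div id=\"result\"></div>";
    echo "<div id=\"userInfo\"></div>";
}
?>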

<script src="script/jquery-1.11.1.min.js"></script>
<script src="script/ajaxlinks.js"></script>
<script>
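var _SESSION = {};
_SESSION["currentPage"] = "modifyuser.php";

// Builds a form-encoded request body from [name, value] pairs. Every value
// is percent-encoded so characters such as '&', '+', '=' or '#' typed into a
// password or name cannot split, truncate or corrupt the request (the
// original concatenated the raw field values).
function encodeFormBody(pairs) {
	var parts = [];
	for (var i = 0; i < pairs.length; i++) {
		parts.push(encodeURIComponent(pairs[i][0]) + "=" + encodeURIComponent(pairs[i][1]));
	}
	return parts.join("&");
}

// Posts `body` to the current page through getPage() (from ajaxlinks.js;
// used here as if it returns the response HTML synchronously) and copies the
// inner HTML of the response element with id `fragmentId` into the element
// with id `targetId`. Returns false and leaves the target untouched when the
// response carries no such fragment (e.g. an error page), instead of
// throwing on a null querySelector result.
function loadFragment(body, fragmentId, targetId) {
	var page = getPage(_SESSION["currentPage"], "POST", body);
	var tmpDiv = document.createElement("div");
	tmpDiv.innerHTML = page;
	var fragment = tmpDiv.querySelector("[id=\"" + fragmentId + "\"]");
	if (!fragment) {
		return false;
	}
	document.getElementById(targetId).innerHTML = fragment.innerHTML;
	return true;
}

// Lookup form: fetch the edit form for the entered pnr into #userInfo.
// `this` is the submitted form, so this no longer relies on
// document.forms[0] being the lookup form.
$('form.formPnr').submit(function (e) {
	e.preventDefault();
	var body = encodeFormBody([["submit", "get"], ["pnr", this["pnr"].value]]);
	loadFragment(body, "formEdit", "userInfo");
	return false;
});

// Edit form: delegated so it fires for every form.formEdit injected into
// #userInfo later, without re-binding inside the lookup handler.
$(document).on('submit', 'form.formEdit', function (e) {
	e.preventDefault();
	var form = this;
	var fields = ["pnr", "firstname", "lastname", "password", "verifypassword",
		"skypename", "email", "group", "zip", "city", "phonenumber"];
	var pairs = [["submit", "edit"]];
	for (var i = 0; i < fields.length; i++) {
		var field = form[fields[i]];
		pairs.push([fields[i], field ? field.value : ""]);
	}
	loadFragment(encodeFormBody(pairs), "formResult", "result");
	return false;
});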
</script>